Re: [mosquitto-dev] odd TLS errors [SOLVED]

Hi Greg,

Thanks for the update, I bet that was frustrating to find. Good to
hear you've got it sorted though.



On Wed, 12 May 2021 at 17:20, Greg Troxel <gdt@xxxxxxxxxx> wrote:
> Greg Troxel <gdt@xxxxxxxxxx> writes:
> > I am seeing strange SSL errors on connections from a nodemcu sensor:
> >
> >   1620579609: OpenSSL Error[0]: error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
> What was going on was:
>   I had a letsencrypt renewal, and now they are providing two chain
>   certificates.  One is from Identrust to the letsencrypt root, and the
>   next from the letsencrypt root to the letsencrypt R3, which signs the
>   end entity cert.  That way if you trust the letsencrypt root, as
>   up-to-date systems do, you can validate from that, and if you don't
>   and the identrust one isn't expired yet, you can validate from that.
>   The combination of 3 certs was kind of big, about 5.5K in the pem
>   file.
>   nodemcu's TLS implementation is documented to only work if the server
>   response fits in a 4K buffer.
>   [I changed the chain to be just the identrust to R3, as was in the
>   previous cert 9 weeks ago.  I will try just letsencrypt next.]
>   Now my nodemcu device works.  Obviously it was crashing and
>   restarting, and OpenSSL was getting EOF from the reset on next boot
>   and failing on that.  The only maybe bug in openssl is printing the
>   wrong error; it probably should have been "peer closed connection
>   during negotiation".
> My advice to check if your IOT devices are still working stands.
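
A check for the failure mode Greg describes, added here as an example and not code from the mosquitto project or from anyone on the list: it parses a PEM bundle, sizes the TLS 1.2 Certificate message the server would send for it, and compares that with the 4K receive buffer the thread mentions. The chain contents are constructed placeholders rather than real certificates, and the 4096-byte limit and the assumption that the DER payload is what must fit are taken from the thread's description of nodemcu, not verified against its source.

```python
import base64
import re

# Added example: NOT mosquitto or list code. Chains below are constructed
# placeholders; the 4096-byte limit is the nodemcu buffer from the thread.
PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

# TLS 1.2 Certificate message (RFC 5246 7.4.2): 4-byte handshake header,
# 3-byte list length, then each cert as 3-byte length + DER. Assumed here:
# the client buffer must hold this DER payload, not the larger PEM text.
CERT_LIST_OVERHEAD = 4 + 3
PER_CERT_OVERHEAD = 3


def parse_pem_chain(pem_text: str) -> list:
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    return [base64.b64decode(m.group(1)) for m in PEM_CERT_RE.finditer(pem_text)]


def certificate_message_size(ders: list) -> int:
    """Bytes the TLS 1.2 Certificate handshake message would occupy."""
    return CERT_LIST_OVERHEAD + sum(PER_CERT_OVERHEAD + len(d) for d in ders)


def check_chain(pem_text: str, buffer_size: int = 4096) -> dict:
    """Summarise a chain and say whether a client with this buffer can read it."""
    ders = parse_pem_chain(pem_text)
    msg = certificate_message_size(ders)
    return {"certs": len(ders), "der_bytes": sum(len(d) for d in ders),
            "pem_bytes": len(pem_text.encode()), "handshake_bytes": msg,
            "fits": msg <= buffer_size}


def fake_cert_pem(der_len: int) -> str:
    """Constructed PEM block with a DER body of der_len bytes (not a real cert)."""
    b64 = base64.b64encode(bytes(der_len)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed stand-ins: end entity + R3 + cross-signed root (the three-cert
# chain from the thread) versus the two-cert chain that worked.
THREE_CERT_CHAIN = fake_cert_pem(1500) + fake_cert_pem(1400) + fake_cert_pem(1350)
TWO_CERT_CHAIN = fake_cert_pem(1500) + fake_cert_pem(1400)

if __name__ == "__main__":
    for name, chain in (("three-cert", THREE_CERT_CHAIN), ("two-cert", TWO_CERT_CHAIN)):
        print(name, check_chain(chain))
```

On a real deployment, feed it the fullchain file the broker actually serves; if "fits" is False for the smallest buffer among your clients, expect the same crash-and-EOF symptom rather than a clean TLS alert.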
